is.gd/OIWvr5?TRFE
172.67.83.132301 Moved Permanently 0 B IP 172.67.83.132:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /OIWvr5?TRFE HTTP/1.1
Host: is.gd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 20 Jan 2023 22:11:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 20 Jan 2023 23:11:06 GMT
Location: https://is.gd/OIWvr5?TRFE
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78cb24dac8f5b529-OSL
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 37284a837312d6586460a3b86bbe7bd0
6ac0847abd48eb8607597218aaa2cb2d434c012b
6a0e11bb042555d72b397ae0cc3d5e242d3a3fe04418e28ffd222decca7d16ca
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A0E11BB042555D72B397AE0CC3D5E242D3A3FE04418E28FFD222DECCA7D16CA"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9615
Expires: Sat, 21 Jan 2023 00:51:21 GMT
Date: Fri, 20 Jan 2023 22:11:06 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b36ef73c20dffb6bc10194bbd2d0dcfa
a67a4023dc8b4944debaeb92f3ba0f1402c079a6
05a7a4d832cf9e593ca44efea309edcbd80734583bada15fda3e740612eff991
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "05A7A4D832CF9E593CA44EFEA309EDCBD80734583BADA15FDA3E740612EFF991"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20304
Expires: Sat, 21 Jan 2023 03:49:30 GMT
Date: Fri, 20 Jan 2023 22:11:06 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7afaa97fbfa9baa1485c892eac8e114d
8c17c707c218e28ac14197ce8e5eef873207a732
59db16baacb452453dbf44fc2a24f25ab09c4dbaec3a9271fda84230d8f11925
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "59DB16BAACB452453DBF44FC2A24F25AB09C4DBAEC3A9271FDA84230D8F11925"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8033
Expires: Sat, 21 Jan 2023 00:24:59 GMT
Date: Fri, 20 Jan 2023 22:11:06 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 20 Jan 2023 21:34:37 GMT
content-type: application/json
age: 2189
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: KqcG7enZCb8s/0n99loM/YNz4DuEiyAoWohrEZ/PYfEUEkdm9ryvgsNtBY0isi9jKeLj8vXxzNg=
x-amz-request-id: ADNAX1YEHK8C2F4B
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 20 Jan 2023 21:46:31 GMT
age: 1475
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 20 Jan 2023 22:11:06 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Pragma, Content-Length, Alert, Expires, ETag, Last-Modified, Backoff, Content-Type, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 20 Jan 2023 21:17:28 GMT
age: 3218
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash bdb8a13dfce39d6e151a9ef185a772a1
037a680510f9dbce3c7cc3c0f9115fd587dbcd1d
98c8b7f269b9aad73b73fd946788ebfd7a4d7afbdd5347b56c67f73b947f5ff6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2182
Cache-Control: max-age=127931
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 22:11:06 GMT
Etag: "63ca59af-1d7"
Expires: Sun, 22 Jan 2023 09:43:17 GMT
Last-Modified: Fri, 20 Jan 2023 09:06:55 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
52.38.227.80101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.38.227.80:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: /iVNYQpHaBRFEzh1Iy7mgA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: pjcNLokxRZqFaqNrbaCnskXFrB4=
daniella.drvirmemn.site/ZWNhN3gsUEVNQlVSVURPTExBUi1DT0tFUiwxNjczOTE1MDE1LCxUUkFGRUUsMA?_branch_match_id=1062369509546216292&utm_source=facebook&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXL8xLKcvQSywo0MvJzMvWLw8sNMwoDU93LU8CALiL1nsiAAAA
68.66.226.117200 OK 440 B URL HTTP/1.1 daniella.drvirmemn.site/ZWNhN3gsUEVNQlVSVURPTExBUi1DT0tFUiwxNjczOTE1MDE1LCxUUkFGRUUsMA?_branch_match_id=1062369509546216292&utm_source=facebook&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXL8xLKcvQSywo0MvJzMvWLw8sNMwoDU93LU8CALiL1nsiAAAA
IP 68.66.226.117:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (894), with no line terminators
Hash 7156e24c8d2b04634d1d754bce892075
952a4cc1278ae33f6b0f5dcc7a01afb817296a47
18548c278662b84fd1f67fcb2b7824145808a54ee884f0eaea76aef815d3aa03
GET /ZWNhN3gsUEVNQlVSVURPTExBUi1DT0tFUiwxNjczOTE1MDE1LCxUUkFGRUUsMA?_branch_match_id=1062369509546216292&utm_source=facebook&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXL8xLKcvQSywo0MvJzMvWLw8sNMwoDU93LU8CALiL1nsiAAAA HTTP/1.1
Host: daniella.drvirmemn.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
cache-control: no-cache
pragma: no-cache
content-type: text/html; charset=UTF-8
content-length: 440
content-encoding: gzip
vary: Accept-Encoding
date: Fri, 20 Jan 2023 22:11:07 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
daniella.drvirmemn.site/_meetups/?click_id=pemburudollar-coker&network=TRAFEE&guid=96125061a75bf41c476a6ae1adb558fd
68.66.226.117302 Found 0 B URL HTTP/1.1 daniella.drvirmemn.site/_meetups/?click_id=pemburudollar-coker&network=TRAFEE&guid=96125061a75bf41c476a6ae1adb558fd
IP 68.66.226.117:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /_meetups/?click_id=pemburudollar-coker&network=TRAFEE&guid=96125061a75bf41c476a6ae1adb558fd HTTP/1.1
Host: daniella.drvirmemn.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
cache-control: no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
location: /_meetups/r.php?click_id=coker&groups=pemburudollar&network=TRAFEE&guid=22f86d38c29ae38144625b32f7ce1ea7
content-type: text/html; charset=UTF-8
content-length: 0
date: Fri, 20 Jan 2023 22:11:07 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
daniella.drvirmemn.site/_meetups/r.php?click_id=coker&groups=pemburudollar&network=TRAFEE&guid=22f86d38c29ae38144625b32f7ce1ea7
68.66.226.117200 OK 409 B URL HTTP/1.1 daniella.drvirmemn.site/_meetups/r.php?click_id=coker&groups=pemburudollar&network=TRAFEE&guid=22f86d38c29ae38144625b32f7ce1ea7
IP 68.66.226.117:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (748), with no line terminators
Hash e55bd2fd0ff9d7764fa4c39e5a95ae69
cbf7296a9aede4033bac4ceef460c8c8426d6ae4
89d23dd7101676ab7c2b54a3056d6d4a4ba905d0ae7e5d8d3d9be2005f28794a
GET /_meetups/r.php?click_id=coker&groups=pemburudollar&network=TRAFEE&guid=22f86d38c29ae38144625b32f7ce1ea7 HTTP/1.1
Host: daniella.drvirmemn.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
cache-control: no-cache
pragma: no-cache
content-type: text/html; charset=UTF-8
content-length: 409
content-encoding: gzip
vary: Accept-Encoding
date: Fri, 20 Jan 2023 22:11:08 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6033dad399355478c264e1c7c27e7f62
7d5546258015b8a834ee87b5a679be0545723e9d
5126b70d194535387e80aab563a02db1ade53c682b9db45eb533ff4001e6ed1c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5126B70D194535387E80AAB563A02DB1ADE53C682B9DB45EB533FF4001E6ED1C"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7016
Expires: Sat, 21 Jan 2023 00:08:04 GMT
Date: Fri, 20 Jan 2023 22:11:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6033dad399355478c264e1c7c27e7f62
7d5546258015b8a834ee87b5a679be0545723e9d
5126b70d194535387e80aab563a02db1ade53c682b9db45eb533ff4001e6ed1c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5126B70D194535387E80AAB563A02DB1ADE53C682B9DB45EB533FF4001E6ED1C"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7016
Expires: Sat, 21 Jan 2023 00:08:04 GMT
Date: Fri, 20 Jan 2023 22:11:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6033dad399355478c264e1c7c27e7f62
7d5546258015b8a834ee87b5a679be0545723e9d
5126b70d194535387e80aab563a02db1ade53c682b9db45eb533ff4001e6ed1c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5126B70D194535387E80AAB563A02DB1ADE53C682B9DB45EB533FF4001E6ED1C"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7016
Expires: Sat, 21 Jan 2023 00:08:04 GMT
Date: Fri, 20 Jan 2023 22:11:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6033dad399355478c264e1c7c27e7f62
7d5546258015b8a834ee87b5a679be0545723e9d
5126b70d194535387e80aab563a02db1ade53c682b9db45eb533ff4001e6ed1c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5126B70D194535387E80AAB563A02DB1ADE53C682B9DB45EB533FF4001E6ED1C"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7016
Expires: Sat, 21 Jan 2023 00:08:04 GMT
Date: Fri, 20 Jan 2023 22:11:08 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72cb731e-e923-4be7-9dd2-8274ec9adc4f.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72cb731e-e923-4be7-9dd2-8274ec9adc4f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 865f3b7fce94742b22851118e29491a2
24d8d638eb39f3ff6a6a8f2337d77f3852a99dba
1b3bb3b03e787aa7b1f60f61c4adf6463a3586399d47c5ec5a2aec7b0aaa03ba
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72cb731e-e923-4be7-9dd2-8274ec9adc4f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11675
x-amzn-requestid: 718b88d6-5f97-42b0-8e9d-1cd6e646690a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e7UihGrpIAMFehw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c79adc-03cdafe06c8871bb63cbbd6a;Sampled=0
x-amzn-remapped-date: Wed, 18 Jan 2023 07:08:12 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ARzXtlV41pRcNijtEI0YObkrDQA63q4DZLg2w4yz5W1CsBsvQJ7zaQ==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Fri, 20 Jan 2023 07:16:50 GMT
age: 53658
etag: "24d8d638eb39f3ff6a6a8f2337d77f3852a99dba"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F03285c30-851a-4892-8ad6-994296dfce51.jpeg
34.120.237.76200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F03285c30-851a-4892-8ad6-994296dfce51.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1eff6cdee4c98a6f806c5b417b12cdf2
4b4b817055dc2c0699c6e01d85841638e63d9c0e
2f2fdd1e829e4175e8cf915794ffc16e24dac72ab425448cd0ac5165b1b87b2f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F03285c30-851a-4892-8ad6-994296dfce51.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5351
x-amzn-requestid: 86ba43bc-0b0f-40ba-9015-463371baf673
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3foQFg_IAMFSZA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c61301-0c1461622a361a5d0ab35cbb;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 03:16:17 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6KG0FqyN4ShRqE3cdV81X749Tlas0mf5W7Elvt5WOMZ1BHc3LXXU1g==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 20 Jan 2023 07:21:11 GMT
age: 53397
etag: "4b4b817055dc2c0699c6e01d85841638e63d9c0e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1122c75-908d-4e51-8a61-b64f7ab77c76.jpeg
34.120.237.76200 OK 7.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1122c75-908d-4e51-8a61-b64f7ab77c76.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f5195ac5d83278bed049661c0d1aaa4a
74b3e81e1dfc9f0a50aa936ba02b357c0df3aa9e
30af8f591b2d4f7c8de7d52ea53bb170ca426ef0550001c7802a7f993a6344df
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1122c75-908d-4e51-8a61-b64f7ab77c76.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7111
x-amzn-requestid: d9b5e6b0-3995-4c70-be84-0b1b457b7143
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fAmRlHtkIAMFiGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c9b73d-37d253ee68fe1b7e483097dd;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 21:33:49 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 86-hgCgiYN-PYLZgXJO79kM9Vm6DIiRixaz-kQZFaY0m5481x8GWlw==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 20 Jan 2023 22:04:24 GMT
age: 404
etag: "74b3e81e1dfc9f0a50aa936ba02b357c0df3aa9e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F035e7b24-d861-44e8-ac81-1dcc5e3a0e2a.jpeg
34.120.237.76200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F035e7b24-d861-44e8-ac81-1dcc5e3a0e2a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6889019ec9c1155e9e4b4eeb6a86760d
59c6f3a313efba4a67a63c9ae725db8d17c08c03
378510ecdbbb2b6248391195eace1dc3120d18b6f13e52033a3e88024592cac4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F035e7b24-d861-44e8-ac81-1dcc5e3a0e2a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5588
x-amzn-requestid: c9d6f09b-2cd9-4137-9369-0295836e06e0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fAnT0FkNIAMF7Yw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c9b8e5-5c6360c025826ed06525c67e;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 21:40:53 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: YDM_osYMROfqJk1OPZCo05eNDlcbqMjPkc0AvggHtzmOiDY12BS78Q==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 981753271eb5b6d11bc29d52f173a5da.cloudfront.net (CloudFront), 1.1 google
date: Fri, 20 Jan 2023 22:02:01 GMT
age: 547
etag: "59c6f3a313efba4a67a63c9ae725db8d17c08c03"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbb60a79-f6ba-46cb-8679-5da65b53c107.webp
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbb60a79-f6ba-46cb-8679-5da65b53c107.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3638dc76d0638625ac9a31c038df3a44
deff1903d591273a96d538ae77988d8a080e228c
8382af3843ebeca8e5c13fdd60f7fb92b479915416f36686fce40566fd87ce68
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbb60a79-f6ba-46cb-8679-5da65b53c107.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10867
x-amzn-requestid: 8d882e21-d4c5-49ac-b76a-198cec065377
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fAnVTEfpoAMFgJA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c9b8ee-6579537e6a82269f4bc99395;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 21:41:02 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: U9KuaPBC5u3bWYidHridxyj8GEYB79yig6zD9FxGCGwXh6zvs7QokA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 20 Jan 2023 22:01:56 GMT
age: 552
etag: "deff1903d591273a96d538ae77988d8a080e228c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 850ee31b1f082edb554dc36202e15e41
024c328e33f8ce86f19dba1df42d2113946795e8
4689fece7429c6faf2d139100c098e996f9f0569ad3469a94c546cff89acc9ea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4689FECE7429C6FAF2D139100C098E996F9F0569AD3469A94C546CFF89ACC9EA"
Last-Modified: Wed, 18 Jan 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sat, 21 Jan 2023 04:11:08 GMT
Date: Fri, 20 Jan 2023 22:11:08 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0c09209-bc9e-43f8-ace4-c90a39c75c63.jpeg
34.120.237.76200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0c09209-bc9e-43f8-ace4-c90a39c75c63.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5553b06c7dde4dc377f9f4e65bc8ace7
9dca5486485416d1aef199be08a50abd717addc7
33a5d1a21738218e0a6fe16d79045bd390af2e84073330a0a94c03812e1ba3ba
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0c09209-bc9e-43f8-ace4-c90a39c75c63.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6557
x-amzn-requestid: 70710215-b8fd-44eb-8b50-f0948f98366c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fAmQWFNvoAMF3ZQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c9b735-19e7e3865ce991cb5447f0f2;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 21:33:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Fc9dIiT5QQaTowAA6lp8ffJl4Niq3i_iVe54lYhAV52kJ8Q98EMJqQ==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Fri, 20 Jan 2023 21:58:21 GMT
age: 767
etag: "9dca5486485416d1aef199be08a50abd717addc7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
bgaieic.naughtydatng.com/s/6397420b14694?track=COKER&click_id=Q09LRVIsTk8sOTEuOTAuNDIuMTU0LFdFQixQRU1CVVJVRE9MTEFS
178.162.199.80200 OK 2.2 kB URL HTTP/1.1 bgaieic.naughtydatng.com/s/6397420b14694?track=COKER&click_id=Q09LRVIsTk8sOTEuOTAuNDIuMTU0LFdFQixQRU1CVVJVRE9MTEFS
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash d11d6066bce5b33c97eba7101a151adc
eb09e1f5e6165cd22a73c0fbe87ae9bd7379efed
9886475b566a7aa5bc477b5b48fca6a037bd03122e0aa01bd8b0fc9e0dd62c2f
GET /s/6397420b14694?track=COKER&click_id=Q09LRVIsTk8sOTEuOTAuNDIuMTU0LFdFQixQRU1CVVJVRE9MTEFS HTTP/1.1
Host: bgaieic.naughtydatng.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Fri, 20 Jan 2023 22:11:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: s=V37ten9pqfJTBS5WArmuF0g9EykEezI25pN88zuBufZNfxFVgzeKeZ4nRBwvmjpp4E%2Bhbd9WASMIf7F6NCxzFyB%2BNvmnPpsr%2FRxQArYCZeNZHWiYXs86q9slpgzshpDtdtthW3BGqYWpaocnpOyeD%2Fm5t8c4cGRkDdm5KL1dCc7Hja1ziVZQd8l54%2BavkrfONDqzlRgQLVH91Wc5YaqpsF8oRDnCdEdnMgYTHNQOWjrtTUNnbVXsoiWX0Ti4S3MbEsNerYYnN5frqoz0f1gbk2NGbQm5jRZ2H72l7QGL5fLLijqg9kEvGti0JEsA121Evf%2Bo6jQt45dn9BOCKzN0TPx9VRWEz043yYlTG4eHAToA9ICCASZGifFWq5XkAb%2BtBY8zHV1Jox9bqh2Uo%2Fmtg2qB%2FqqQywXMgBxv5scrXOOQdaLAH4zQL4q0p%2FYrKTNmad%2FEk6ZrqeTgBCJc5AU00wCkUnM%2BRdRa4KukL42zM7lMT%2FPIh9fDokWHKq2J9JODxM%2FP8x1VoBcDKPv1DDce%2F48vPG3tUAi7hF2nhuEB75W4xzDt7t2O%2BtSnbWD8vnRtCOLKvAXJVx9Z5wZk0j13LKzerMR6pcJM7nfxLgEl%2BMwcjwNu6NlNUvl1WBjnBRgwuJ0nixqoPOSVHql1ytwK%2BvLISJjJ1gXTQhP2FtZ%2FIwyLOvBcPD9JsSAb4AKGnrSdmGOrwp7LMcQ20A3FSoZBj7YO83zNXfN8rj4CsP35QNOqJH%2FPDJQeXbBeE4Lx2uTmj0JnimhkEEvy%2F06oVYwyUo3Mqfd5qiuDTdg5MgbIHCab4l4HL2K8dgnzd146PwHTTHY%2Fsj3K7nloYoCavUaBWG9VC2W7%2BcJAM9IRg1T5dgCAlagAgsYvC2MYMYKTb3xHDHyuokKi9CEZ%2FxaRVD66YfF1CDXqmT6JYafSWCpDZqcZa6iQw37nIlOHj4fa3FvlD8CU5QMtTmn%2FNe5MmHib1fMs6i%2FcizNgCv1sFUUjJ%2BMJndMDgUueRPyidA0Tk49CSCJCCzSmrQSDQMPXC1KVE0IBM%2BST9KebaPxF6N0u6UPSrH9FOcpJXka4QKU1S3Ue9SfxtssyVIPghJ5WGLzzrFVxaebtoTB%2FwweI1RMWVFjrF6tkNEIStJjQiTB5l%2FcdAYe%2FuuYueuXX3DmBO0BCxoXP%2BgVEBRAyuMd%2B%2FZ6jB9JS2kzlpfpk3NeOjfNmPsXL7bmgfY6poU1o5lV1P7Zx4ezLHaUgM9xn9gNERYOElNgnS11l0QETp%2FOZZyKq1CRGEeuymUmPMafBqGTAJXYrcXqk4Y%2BtQN30KNIegZOyUZoqsMk7kmYIwQMTQntlOlKVW5eRZIQ4lOJIWB%2BDj8TDpboz0ga28t00wu%2BE%2F2e8BSZ%2B6I5OHXBRt3ZXBLbWp8GVEBtBJwfH0KhRM1MQRZpHqn7%2BpmqR169iSp2nVHun4tt4dpeK2REPbIJo4D2EBBmF1qV%2FwFBh0HzRuiBtMimZN8bBG87ldo7DwZdpu6LZw5vUYPNqIHlT4UIc6CDblcH8u64ZKSYOwwPkGSBI%2Fx001QUt2RwatbA8MZ6bjn5%2BoqG9V4cwy71IRNA10cSSl0%2BP64Jyzr4dqyCUA3C%2FAlhn7MT3j0Q5hXf8H%2FJ%2Fn%2BE1wcvLDL%2F081v6bvTFSpcFQin6Tg%3D%3D; expires=Sat, 21-Jan-2023 22:11:08 GMT; Max-Age=86400; path=/; domain=naughtydatng.com
SID=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=naughtydatng.com
ESID=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=naughtydatng.com
Content-Encoding: gzip
bgaieic.naughtydatng.com/bundle/420/assets/css/style.css
178.162.199.80200 OK 22 kB URL HTTP/1.1 bgaieic.naughtydatng.com/bundle/420/assets/css/style.css
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type Unicode text, UTF-8 text, with very long lines (852)
Hash 2943331db0c4f2fc643bde3530cd91f4
0dfa118a98032779d988f53c2bcf974b4532702e
40f7e9d115b7410bc3bebfd36553748cc5051534631cfb4511e49a65e60cc3be
GET /bundle/420/assets/css/style.css HTTP/1.1
Host: bgaieic.naughtydatng.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bgaieic.naughtydatng.com/s/6397420b14694?track=COKER&click_id=Q09LRVIsTk8sOTEuOTAuNDIuMTU0LFdFQixQRU1CVVJVRE9MTEFS
Cookie: s=V37ten9pqfJTBS5WArmuF0g9EykEezI25pN88zuBufZNfxFVgzeKeZ4nRBwvmjpp4E%2Bhbd9WASMIf7F6NCxzFyB%2BNvmnPpsr%2FRxQArYCZeNZHWiYXs86q9slpgzshpDtdtthW3BGqYWpaocnpOyeD%2Fm5t8c4cGRkDdm5KL1dCc7Hja1ziVZQd8l54%2BavkrfONDqzlRgQLVH91Wc5YaqpsF8oRDnCdEdnMgYTHNQOWjrtTUNnbVXsoiWX0Ti4S3MbEsNerYYnN5frqoz0f1gbk2NGbQm5jRZ2H72l7QGL5fLLijqg9kEvGti0JEsA121Evf%2Bo6jQt45dn9BOCKzN0TPx9VRWEz043yYlTG4eHAToA9ICCASZGifFWq5XkAb%2BtBY8zHV1Jox9bqh2Uo%2Fmtg2qB%2FqqQywXMgBxv5scrXOOQdaLAH4zQL4q0p%2FYrKTNmad%2FEk6ZrqeTgBCJc5AU00wCkUnM%2BRdRa4KukL42zM7lMT%2FPIh9fDokWHKq2J9JODxM%2FP8x1VoBcDKPv1DDce%2F48vPG3tUAi7hF2nhuEB75W4xzDt7t2O%2BtSnbWD8vnRtCOLKvAXJVx9Z5wZk0j13LKzerMR6pcJM7nfxLgEl%2BMwcjwNu6NlNUvl1WBjnBRgwuJ0nixqoPOSVHql1ytwK%2BvLISJjJ1gXTQhP2FtZ%2FIwyLOvBcPD9JsSAb4AKGnrSdmGOrwp7LMcQ20A3FSoZBj7YO83zNXfN8rj4CsP35QNOqJH%2FPDJQeXbBeE4Lx2uTmj0JnimhkEEvy%2F06oVYwyUo3Mqfd5qiuDTdg5MgbIHCab4l4HL2K8dgnzd146PwHTTHY%2Fsj3K7nloYoCavUaBWG9VC2W7%2BcJAM9IRg1T5dgCAlagAgsYvC2MYMYKTb3xHDHyuokKi9CEZ%2FxaRVD66YfF1CDXqmT6JYafSWCpDZqcZa6iQw37nIlOHj4fa3FvlD8CU5QMtTmn%2FNe5MmHib1fMs6i%2FcizNgCv1sFUUjJ%2BMJndMDgUueRPyidA0Tk49CSCJCCzSmrQSDQMPXC1KVE0IBM%2BST9KebaPxF6N0u6UPSrH9FOcpJXka4QKU1S3Ue9SfxtssyVIPghJ5WGLzzrFVxaebtoTB%2FwweI1RMWVFjrF6tkNEIStJjQiTB5l%2FcdAYe%2FuuYueuXX3DmBO0BCxoXP%2BgVEBRAyuMd%2B%2FZ6jB9JS2kzlpfpk3NeOjfNmPsXL7bmgfY6poU1o5lV1P7Zx4ezLHaUgM9xn9gNERYOElNgnS11l0QETp%2FOZZyKq1CRGEeuymUmPMafBqGTAJXYrcXqk4Y%2BtQN30KNIegZOyUZoqsMk7kmYIwQMTQntlOlKVW5eRZIQ4lOJIWB%2BDj8TDpboz0ga28t00wu%2BE%2F2e8BSZ%2B6I5OHXBRt3ZXBLbWp8GVEBtBJwfH0KhRM1MQRZpHqn7%2BpmqR169iSp2nVHun4tt4dpeK2REPbIJo4D2EBBmF1qV%2FwFBh0HzRuiBtMimZN8bBG87ldo7DwZdpu6LZw5vUYPNqIHlT4UIc6CDblcH8u64ZKSYOwwPkGSBI%2Fx001QUt2RwatbA8MZ6bjn5%2BoqG9V4cwy71IRNA10cSSl0%2BP64Jyzr4dqyCUA3C%2FAlhn7MT3j0Q5hXf8H%2FJ%2Fn%2BE1wcvLDL%2F081v6bvTFSpcFQin6Tg%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Fri, 20 Jan 2023 22:11:09 GMT
Content-Type: text/css
Content-Length: 21558
Connection: keep-alive
Last-Modified: Fri, 27 Nov 2020 19:34:29 GMT
Vary: Accept-Encoding
ETag: "5fc154c5-5436"
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 5422c49666fc195ae94aa0f5cf837bfc
e0f1dd926cd9328ccf9cc99389337056c62f1043
f639aad2dc85708fa922b793660f13ae597f275a8ebf61e7e72fb2bce257cc76
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 22:11:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bgaieic.naughtydatng.com/bundle/420/assets/js/functions.js
178.162.199.80200 OK 1.6 kB URL HTTP/1.1 bgaieic.naughtydatng.com/bundle/420/assets/js/functions.js
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
Hash cb500c68be160eed4d0cb7d350b38726
ad5dad7a9f6d18b9360709c86766b7614cc9610e
eabafb612a285e75817fdb14f7ad71a5ccb5cb8dcaddc4510d8d44d2a940bd14
Analyzer Verdict Alert fortinet Phishing
GET /bundle/420/assets/js/functions.js HTTP/1.1
Host: bgaieic.naughtydatng.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bgaieic.naughtydatng.com/s/6397420b14694?track=COKER&click_id=Q09LRVIsTk8sOTEuOTAuNDIuMTU0LFdFQixQRU1CVVJVRE9MTEFS
Cookie: s=V37ten9pqfJTBS5WArmuF0g9EykEezI25pN88zuBufZNfxFVgzeKeZ4nRBwvmjpp4E%2Bhbd9WASMIf7F6NCxzFyB%2BNvmnPpsr%2FRxQArYCZeNZHWiYXs86q9slpgzshpDtdtthW3BGqYWpaocnpOyeD%2Fm5t8c4cGRkDdm5KL1dCc7Hja1ziVZQd8l54%2BavkrfONDqzlRgQLVH91Wc5YaqpsF8oRDnCdEdnMgYTHNQOWjrtTUNnbVXsoiWX0Ti4S3MbEsNerYYnN5frqoz0f1gbk2NGbQm5jRZ2H72l7QGL5fLLijqg9kEvGti0JEsA121Evf%2Bo6jQt45dn9BOCKzN0TPx9VRWEz043yYlTG4eHAToA9ICCASZGifFWq5XkAb%2BtBY8zHV1Jox9bqh2Uo%2Fmtg2qB%2FqqQywXMgBxv5scrXOOQdaLAH4zQL4q0p%2FYrKTNmad%2FEk6ZrqeTgBCJc5AU00wCkUnM%2BRdRa4KukL42zM7lMT%2FPIh9fDokWHKq2J9JODxM%2FP8x1VoBcDKPv1DDce%2F48vPG3tUAi7hF2nhuEB75W4xzDt7t2O%2BtSnbWD8vnRtCOLKvAXJVx9Z5wZk0j13LKzerMR6pcJM7nfxLgEl%2BMwcjwNu6NlNUvl1WBjnBRgwuJ0nixqoPOSVHql1ytwK%2BvLISJjJ1gXTQhP2FtZ%2FIwyLOvBcPD9JsSAb4AKGnrSdmGOrwp7LMcQ20A3FSoZBj7YO83zNXfN8rj4CsP35QNOqJH%2FPDJQeXbBeE4Lx2uTmj0JnimhkEEvy%2F06oVYwyUo3Mqfd5qiuDTdg5MgbIHCab4l4HL2K8dgnzd146PwHTTHY%2Fsj3K7nloYoCavUaBWG9VC2W7%2BcJAM9IRg1T5dgCAlagAgsYvC2MYMYKTb3xHDHyuokKi9CEZ%2FxaRVD66YfF1CDXqmT6JYafSWCpDZqcZa6iQw37nIlOHj4fa3FvlD8CU5QMtTmn%2FNe5MmHib1fMs6i%2FcizNgCv1sFUUjJ%2BMJndMDgUueRPyidA0Tk49CSCJCCzSmrQSDQMPXC1KVE0IBM%2BST9KebaPxF6N0u6UPSrH9FOcpJXka4QKU1S3Ue9SfxtssyVIPghJ5WGLzzrFVxaebtoTB%2FwweI1RMWVFjrF6tkNEIStJjQiTB5l%2FcdAYe%2FuuYueuXX3DmBO0BCxoXP%2BgVEBRAyuMd%2B%2FZ6jB9JS2kzlpfpk3NeOjfNmPsXL7bmgfY6poU1o5lV1P7Zx4ezLHaUgM9xn9gNERYOElNgnS11l0QETp%2FOZZyKq1CRGEeuymUmPMafBqGTAJXYrcXqk4Y%2BtQN30KNIegZOyUZoqsMk7kmYIwQMTQntlOlKVW5eRZIQ4lOJIWB%2BDj8TDpboz0ga28t00wu%2BE%2F2e8BSZ%2B6I5OHXBRt3ZXBLbWp8GVEBtBJwfH0KhRM1MQRZpHqn7%2BpmqR169iSp2nVHun4tt4dpeK2REPbIJo4D2EBBmF1qV%2FwFBh0HzRuiBtMimZN8bBG87ldo7DwZdpu6LZw5vUYPNqIHlT4UIc6CDblcH8u64ZKSYOwwPkGSBI%2Fx001QUt2RwatbA8MZ6bjn5%2BoqG9V4cwy71IRNA10cSSl0%2BP64Jyzr4dqyCUA3C%2FAlhn7MT3j0Q5hXf8H%2FJ%2Fn%2BE1wcvLDL%2F081v6bvTFSpcFQin6Tg%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Fri, 20 Jan 2023 22:11:09 GMT
Content-Type: application/javascript
Content-Length: 1635
Connection: keep-alive
Last-Modified: Fri, 27 Nov 2020 19:34:29 GMT
Vary: Accept-Encoding
ETag: "5fc154c5-663"
Accept-Ranges: bytes
bgaieic.naughtydatng.com/js/click.js?8
178.162.199.80200 OK 5.3 kB URL HTTP/1.1 bgaieic.naughtydatng.com/js/click.js?8
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
Hash 8207d083c909c6386927c5197eff584c
a5f1148a0e9923191d3f8ed4c1750240374af2a9
f71ae9723255b00dcc8e3631fe419cbbb56a80b3034f184ca5292127d7b3eea9
Analyzer Verdict Alert fortinet Phishing
GET /js/click.js?8 HTTP/1.1
Host: bgaieic.naughtydatng.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bgaieic.naughtydatng.com/s/6397420b14694?track=COKER&click_id=Q09LRVIsTk8sOTEuOTAuNDIuMTU0LFdFQixQRU1CVVJVRE9MTEFS
Cookie: s=V37ten9pqfJTBS5WArmuF0g9EykEezI25pN88zuBufZNfxFVgzeKeZ4nRBwvmjpp4E%2Bhbd9WASMIf7F6NCxzFyB%2BNvmnPpsr%2FRxQArYCZeNZHWiYXs86q9slpgzshpDtdtthW3BGqYWpaocnpOyeD%2Fm5t8c4cGRkDdm5KL1dCc7Hja1ziVZQd8l54%2BavkrfONDqzlRgQLVH91Wc5YaqpsF8oRDnCdEdnMgYTHNQOWjrtTUNnbVXsoiWX0Ti4S3MbEsNerYYnN5frqoz0f1gbk2NGbQm5jRZ2H72l7QGL5fLLijqg9kEvGti0JEsA121Evf%2Bo6jQt45dn9BOCKzN0TPx9VRWEz043yYlTG4eHAToA9ICCASZGifFWq5XkAb%2BtBY8zHV1Jox9bqh2Uo%2Fmtg2qB%2FqqQywXMgBxv5scrXOOQdaLAH4zQL4q0p%2FYrKTNmad%2FEk6ZrqeTgBCJc5AU00wCkUnM%2BRdRa4KukL42zM7lMT%2FPIh9fDokWHKq2J9JODxM%2FP8x1VoBcDKPv1DDce%2F48vPG3tUAi7hF2nhuEB75W4xzDt7t2O%2BtSnbWD8vnRtCOLKvAXJVx9Z5wZk0j13LKzerMR6pcJM7nfxLgEl%2BMwcjwNu6NlNUvl1WBjnBRgwuJ0nixqoPOSVHql1ytwK%2BvLISJjJ1gXTQhP2FtZ%2FIwyLOvBcPD9JsSAb4AKGnrSdmGOrwp7LMcQ20A3FSoZBj7YO83zNXfN8rj4CsP35QNOqJH%2FPDJQeXbBeE4Lx2uTmj0JnimhkEEvy%2F06oVYwyUo3Mqfd5qiuDTdg5MgbIHCab4l4HL2K8dgnzd146PwHTTHY%2Fsj3K7nloYoCavUaBWG9VC2W7%2BcJAM9IRg1T5dgCAlagAgsYvC2MYMYKTb3xHDHyuokKi9CEZ%2FxaRVD66YfF1CDXqmT6JYafSWCpDZqcZa6iQw37nIlOHj4fa3FvlD8CU5QMtTmn%2FNe5MmHib1fMs6i%2FcizNgCv1sFUUjJ%2BMJndMDgUueRPyidA0Tk49CSCJCCzSmrQSDQMPXC1KVE0IBM%2BST9KebaPxF6N0u6UPSrH9FOcpJXka4QKU1S3Ue9SfxtssyVIPghJ5WGLzzrFVxaebtoTB%2FwweI1RMWVFjrF6tkNEIStJjQiTB5l%2FcdAYe%2FuuYueuXX3DmBO0BCxoXP%2BgVEBRAyuMd%2B%2FZ6jB9JS2kzlpfpk3NeOjfNmPsXL7bmgfY6poU1o5lV1P7Zx4ezLHaUgM9xn9gNERYOElNgnS11l0QETp%2FOZZyKq1CRGEeuymUmPMafBqGTAJXYrcXqk4Y%2BtQN30KNIegZOyUZoqsMk7kmYIwQMTQntlOlKVW5eRZIQ4lOJIWB%2BDj8TDpboz0ga28t00wu%2BE%2F2e8BSZ%2B6I5OHXBRt3ZXBLbWp8GVEBtBJwfH0KhRM1MQRZpHqn7%2BpmqR169iSp2nVHun4tt4dpeK2REPbIJo4D2EBBmF1qV%2FwFBh0HzRuiBtMimZN8bBG87ldo7DwZdpu6LZw5vUYPNqIHlT4UIc6CDblcH8u64ZKSYOwwPkGSBI%2Fx001QUt2RwatbA8MZ6bjn5%2BoqG9V4cwy71IRNA10cSSl0%2BP64Jyzr4dqyCUA3C%2FAlhn7MT3j0Q5hXf8H%2FJ%2Fn%2BE1wcvLDL%2F081v6bvTFSpcFQin6Tg%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Fri, 20 Jan 2023 22:11:09 GMT
Content-Type: application/javascript
Content-Length: 5260
Connection: keep-alive
Last-Modified: Thu, 19 Jan 2023 12:26:11 GMT
Vary: Accept-Encoding
ETag: "63c936e3-148c"
Accept-Ranges: bytes
bgaieic.naughtydatng.com/bundle/420/assets/js/jquery.js
178.162.199.80200 OK 93 kB URL HTTP/1.1 bgaieic.naughtydatng.com/bundle/420/assets/js/jquery.js
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type ASCII text, with very long lines (32089)
Hash 397754ba49e9e0cf4e7c190da78dda05
ae49e56999d82802727455f0ba83b63acd90a22b
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
Analyzer Verdict Alert fortinet Phishing
GET /bundle/420/assets/js/jquery.js HTTP/1.1
Host: bgaieic.naughtydatng.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bgaieic.naughtydatng.com/s/6397420b14694?track=COKER&click_id=Q09LRVIsTk8sOTEuOTAuNDIuMTU0LFdFQixQRU1CVVJVRE9MTEFS
Cookie: s=V37ten9pqfJTBS5WArmuF0g9EykEezI25pN88zuBufZNfxFVgzeKeZ4nRBwvmjpp4E%2Bhbd9WASMIf7F6NCxzFyB%2BNvmnPpsr%2FRxQArYCZeNZHWiYXs86q9slpgzshpDtdtthW3BGqYWpaocnpOyeD%2Fm5t8c4cGRkDdm5KL1dCc7Hja1ziVZQd8l54%2BavkrfONDqzlRgQLVH91Wc5YaqpsF8oRDnCdEdnMgYTHNQOWjrtTUNnbVXsoiWX0Ti4S3MbEsNerYYnN5frqoz0f1gbk2NGbQm5jRZ2H72l7QGL5fLLijqg9kEvGti0JEsA121Evf%2Bo6jQt45dn9BOCKzN0TPx9VRWEz043yYlTG4eHAToA9ICCASZGifFWq5XkAb%2BtBY8zHV1Jox9bqh2Uo%2Fmtg2qB%2FqqQywXMgBxv5scrXOOQdaLAH4zQL4q0p%2FYrKTNmad%2FEk6ZrqeTgBCJc5AU00wCkUnM%2BRdRa4KukL42zM7lMT%2FPIh9fDokWHKq2J9JODxM%2FP8x1VoBcDKPv1DDce%2F48vPG3tUAi7hF2nhuEB75W4xzDt7t2O%2BtSnbWD8vnRtCOLKvAXJVx9Z5wZk0j13LKzerMR6pcJM7nfxLgEl%2BMwcjwNu6NlNUvl1WBjnBRgwuJ0nixqoPOSVHql1ytwK%2BvLISJjJ1gXTQhP2FtZ%2FIwyLOvBcPD9JsSAb4AKGnrSdmGOrwp7LMcQ20A3FSoZBj7YO83zNXfN8rj4CsP35QNOqJH%2FPDJQeXbBeE4Lx2uTmj0JnimhkEEvy%2F06oVYwyUo3Mqfd5qiuDTdg5MgbIHCab4l4HL2K8dgnzd146PwHTTHY%2Fsj3K7nloYoCavUaBWG9VC2W7%2BcJAM9IRg1T5dgCAlagAgsYvC2MYMYKTb3xHDHyuokKi9CEZ%2FxaRVD66YfF1CDXqmT6JYafSWCpDZqcZa6iQw37nIlOHj4fa3FvlD8CU5QMtTmn%2FNe5MmHib1fMs6i%2FcizNgCv1sFUUjJ%2BMJndMDgUueRPyidA0Tk49CSCJCCzSmrQSDQMPXC1KVE0IBM%2BST9KebaPxF6N0u6UPSrH9FOcpJXka4QKU1S3Ue9SfxtssyVIPghJ5WGLzzrFVxaebtoTB%2FwweI1RMWVFjrF6tkNEIStJjQiTB5l%2FcdAYe%2FuuYueuXX3DmBO0BCxoXP%2BgVEBRAyuMd%2B%2FZ6jB9JS2kzlpfpk3NeOjfNmPsXL7bmgfY6poU1o5lV1P7Zx4ezLHaUgM9xn9gNERYOElNgnS11l0QETp%2FOZZyKq1CRGEeuymUmPMafBqGTAJXYrcXqk4Y%2BtQN30KNIegZOyUZoqsMk7kmYIwQMTQntlOlKVW5eRZIQ4lOJIWB%2BDj8TDpboz0ga28t00wu%2BE%2F2e8BSZ%2B6I5OHXBRt3ZXBLbWp8GVEBtBJwfH0KhRM1MQRZpHqn7%2BpmqR169iSp2nVHun4tt4dpeK2REPbIJo4D2EBBmF1qV%2FwFBh0HzRuiBtMimZN8bBG87ldo7DwZdpu6LZw5vUYPNqIHlT4UIc6CDblcH8u64ZKSYOwwPkGSBI%2Fx001QUt2RwatbA8MZ6bjn5%2BoqG9V4cwy71IRNA10cSSl0%2BP64Jyzr4dqyCUA3C%2FAlhn7MT3j0Q5hXf8H%2FJ%2Fn%2BE1wcvLDL%2F081v6bvTFSpcFQin6Tg%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Fri, 20 Jan 2023 22:11:09 GMT
Content-Type: application/javascript
Content-Length: 92629
Connection: keep-alive
Last-Modified: Fri, 27 Nov 2020 19:34:29 GMT
Vary: Accept-Encoding
ETag: "5fc154c5-169d5"
Accept-Ranges: bytes
fonts.googleapis.com/css?family=Open+Sans:800|Tienne:900
142.250.74.74200 OK 1.1 kB URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:800|Tienne:900
IP 142.250.74.74:0
Hash a26117a1930cf1dd490076bc348294d2
88223257e3b0e1e0f94af988623b70e67c95333f
04f9548b3182fe5196556d26c9d87f10c29b47d599478b4fb92e1a2f267da9da
GET /css?family=Open+Sans:800|Tienne:900 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bgaieic.naughtydatng.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 20 Jan 2023 22:11:09 GMT
date: Fri, 20 Jan 2023 22:11:09 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ckstatic.com/js/fancybox/2.1.4/jquery.fancybox.css?v=2.1.4
205.185.216.10200 OK 1.2 kB URL HTTP/1.1 ckstatic.com/js/fancybox/2.1.4/jquery.fancybox.css?v=2.1.4
IP 205.185.216.10:0
Hash c5b520cba6d0630c5f63fc948d10177b
db7ec8ff2be772855afc4ac07213a2c47566adb7
e1238fd0dd17b8b8f2fa99a001621cbc83c92250e3efe9ae90860cbc560b1154
GET /js/fancybox/2.1.4/jquery.fancybox.css?v=2.1.4 HTTP/1.1
Host: ckstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bgaieic.naughtydatng.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 20 Jan 2023 22:11:09 GMT
Connection: Keep-Alive
ETag: "1607431508"
Cache-Control: public, max-age=3600
Content-Encoding: gzip
Content-Length: 1241
Content-Type: text/css
Last-Modified: Tue, 08 Dec 2020 12:45:08 GMT
Accept-Ranges: bytes
X-HW: 1674252669.dop221.sk1.t,1674252669.cds241.sk1.shn,1674252669.dop221.sk1.t,1674252669.cds214.sk1.sr,1674252669.dop152.ny3.r,1674252669.cds230.ny3.pr,1674252669.cds214.sk1.pr
bgaieic.naughtydatng.com/bundle/420/assets/img/NO.png
178.162.199.80200 OK 1.3 kB URL HTTP/1.1 bgaieic.naughtydatng.com/bundle/420/assets/img/NO.png
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced\012- data
Hash 74ac8fbc7f26e1a1783d12a4726bbbff
de489dac0306856d2bb12c8bf29e11782147c5de
07d248c5daf72f0a20ec3ce3d45a4a67999ee5c53811c5a6ffceea28cb59caf3
GET /bundle/420/assets/img/NO.png HTTP/1.1
Host: bgaieic.naughtydatng.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bgaieic.naughtydatng.com/s/6397420b14694?track=COKER&click_id=Q09LRVIsTk8sOTEuOTAuNDIuMTU0LFdFQixQRU1CVVJVRE9MTEFS
Cookie: s=V37ten9pqfJTBS5WArmuF0g9EykEezI25pN88zuBufZNfxFVgzeKeZ4nRBwvmjpp4E%2Bhbd9WASMIf7F6NCxzFyB%2BNvmnPpsr%2FRxQArYCZeNZHWiYXs86q9slpgzshpDtdtthW3BGqYWpaocnpOyeD%2Fm5t8c4cGRkDdm5KL1dCc7Hja1ziVZQd8l54%2BavkrfONDqzlRgQLVH91Wc5YaqpsF8oRDnCdEdnMgYTHNQOWjrtTUNnbVXsoiWX0Ti4S3MbEsNerYYnN5frqoz0f1gbk2NGbQm5jRZ2H72l7QGL5fLLijqg9kEvGti0JEsA121Evf%2Bo6jQt45dn9BOCKzN0TPx9VRWEz043yYlTG4eHAToA9ICCASZGifFWq5XkAb%2BtBY8zHV1Jox9bqh2Uo%2Fmtg2qB%2FqqQywXMgBxv5scrXOOQdaLAH4zQL4q0p%2FYrKTNmad%2FEk6ZrqeTgBCJc5AU00wCkUnM%2BRdRa4KukL42zM7lMT%2FPIh9fDokWHKq2J9JODxM%2FP8x1VoBcDKPv1DDce%2F48vPG3tUAi7hF2nhuEB75W4xzDt7t2O%2BtSnbWD8vnRtCOLKvAXJVx9Z5wZk0j13LKzerMR6pcJM7nfxLgEl%2BMwcjwNu6NlNUvl1WBjnBRgwuJ0nixqoPOSVHql1ytwK%2BvLISJjJ1gXTQhP2FtZ%2FIwyLOvBcPD9JsSAb4AKGnrSdmGOrwp7LMcQ20A3FSoZBj7YO83zNXfN8rj4CsP35QNOqJH%2FPDJQeXbBeE4Lx2uTmj0JnimhkEEvy%2F06oVYwyUo3Mqfd5qiuDTdg5MgbIHCab4l4HL2K8dgnzd146PwHTTHY%2Fsj3K7nloYoCavUaBWG9VC2W7%2BcJAM9IRg1T5dgCAlagAgsYvC2MYMYKTb3xHDHyuokKi9CEZ%2FxaRVD66YfF1CDXqmT6JYafSWCpDZqcZa6iQw37nIlOHj4fa3FvlD8CU5QMtTmn%2FNe5MmHib1fMs6i%2FcizNgCv1sFUUjJ%2BMJndMDgUueRPyidA0Tk49CSCJCCzSmrQSDQMPXC1KVE0IBM%2BST9KebaPxF6N0u6UPSrH9FOcpJXka4QKU1S3Ue9SfxtssyVIPghJ5WGLzzrFVxaebtoTB%2FwweI1RMWVFjrF6tkNEIStJjQiTB5l%2FcdAYe%2FuuYueuXX3DmBO0BCxoXP%2BgVEBRAyuMd%2B%2FZ6jB9JS2kzlpfpk3NeOjfNmPsXL7bmgfY6poU1o5lV1P7Zx4ezLHaUgM9xn9gNERYOElNgnS11l0QETp%2FOZZyKq1CRGEeuymUmPMafBqGTAJXYrcXqk4Y%2BtQN30KNIegZOyUZoqsMk7kmYIwQMTQntlOlKVW5eRZIQ4lOJIWB%2BDj8TDpboz0ga28t00wu%2BE%2F2e8BSZ%2B6I5OHXBRt3ZXBLbWp8GVEBtBJwfH0KhRM1MQRZpHqn7%2BpmqR169iSp2nVHun4tt4dpeK2REPbIJo4D2EBBmF1qV%2FwFBh0HzRuiBtMimZN8bBG87ldo7DwZdpu6LZw5vUYPNqIHlT4UIc6CDblcH8u64ZKSYOwwPkGSBI%2Fx001QUt2RwatbA8MZ6bjn5%2BoqG9V4cwy71IRNA10cSSl0%2BP64Jyzr4dqyCUA3C%2FAlhn7MT3j0Q5hXf8H%2FJ%2Fn%2BE1wcvLDL%2F081v6bvTFSpcFQin6Tg%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Fri, 20 Jan 2023 22:11:09 GMT
Content-Type: image/png
Content-Length: 1288
Connection: keep-alive
Last-Modified: Fri, 27 Nov 2020 19:34:29 GMT
ETag: "5fc154c5-508"
Accept-Ranges: bytes
bgaieic.naughtydatng.com/bundle/420/assets/img/507x530-3.jpg
178.162.199.80200 OK 24 kB URL HTTP/1.1 bgaieic.naughtydatng.com/bundle/420/assets/img/507x530-3.jpg
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 507x530, components 3\012- data
Hash da649647a9e51bf4fb1415af5b19ac49
86aa669b5cb9dc7e3990ba1c6f0ae2508daf5111
72855bc16353940795ddc61f9c9e4daf8e2140202672d9f936458653852188c7
GET /bundle/420/assets/img/507x530-3.jpg HTTP/1.1
Host: bgaieic.naughtydatng.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bgaieic.naughtydatng.com/s/6397420b14694?track=COKER&click_id=Q09LRVIsTk8sOTEuOTAuNDIuMTU0LFdFQixQRU1CVVJVRE9MTEFS
Cookie: s=V37ten9pqfJTBS5WArmuF0g9EykEezI25pN88zuBufZNfxFVgzeKeZ4nRBwvmjpp4E%2Bhbd9WASMIf7F6NCxzFyB%2BNvmnPpsr%2FRxQArYCZeNZHWiYXs86q9slpgzshpDtdtthW3BGqYWpaocnpOyeD%2Fm5t8c4cGRkDdm5KL1dCc7Hja1ziVZQd8l54%2BavkrfONDqzlRgQLVH91Wc5YaqpsF8oRDnCdEdnMgYTHNQOWjrtTUNnbVXsoiWX0Ti4S3MbEsNerYYnN5frqoz0f1gbk2NGbQm5jRZ2H72l7QGL5fLLijqg9kEvGti0JEsA121Evf%2Bo6jQt45dn9BOCKzN0TPx9VRWEz043yYlTG4eHAToA9ICCASZGifFWq5XkAb%2BtBY8zHV1Jox9bqh2Uo%2Fmtg2qB%2FqqQywXMgBxv5scrXOOQdaLAH4zQL4q0p%2FYrKTNmad%2FEk6ZrqeTgBCJc5AU00wCkUnM%2BRdRa4KukL42zM7lMT%2FPIh9fDokWHKq2J9JODxM%2FP8x1VoBcDKPv1DDce%2F48vPG3tUAi7hF2nhuEB75W4xzDt7t2O%2BtSnbWD8vnRtCOLKvAXJVx9Z5wZk0j13LKzerMR6pcJM7nfxLgEl%2BMwcjwNu6NlNUvl1WBjnBRgwuJ0nixqoPOSVHql1ytwK%2BvLISJjJ1gXTQhP2FtZ%2FIwyLOvBcPD9JsSAb4AKGnrSdmGOrwp7LMcQ20A3FSoZBj7YO83zNXfN8rj4CsP35QNOqJH%2FPDJQeXbBeE4Lx2uTmj0JnimhkEEvy%2F06oVYwyUo3Mqfd5qiuDTdg5MgbIHCab4l4HL2K8dgnzd146PwHTTHY%2Fsj3K7nloYoCavUaBWG9VC2W7%2BcJAM9IRg1T5dgCAlagAgsYvC2MYMYKTb3xHDHyuokKi9CEZ%2FxaRVD66YfF1CDXqmT6JYafSWCpDZqcZa6iQw37nIlOHj4fa3FvlD8CU5QMtTmn%2FNe5MmHib1fMs6i%2FcizNgCv1sFUUjJ%2BMJndMDgUueRPyidA0Tk49CSCJCCzSmrQSDQMPXC1KVE0IBM%2BST9KebaPxF6N0u6UPSrH9FOcpJXka4QKU1S3Ue9SfxtssyVIPghJ5WGLzzrFVxaebtoTB%2FwweI1RMWVFjrF6tkNEIStJjQiTB5l%2FcdAYe%2FuuYueuXX3DmBO0BCxoXP%2BgVEBRAyuMd%2B%2FZ6jB9JS2kzlpfpk3NeOjfNmPsXL7bmgfY6poU1o5lV1P7Zx4ezLHaUgM9xn9gNERYOElNgnS11l0QETp%2FOZZyKq1CRGEeuymUmPMafBqGTAJXYrcXqk4Y%2BtQN30KNIegZOyUZoqsMk7kmYIwQMTQntlOlKVW5eRZIQ4lOJIWB%2BDj8TDpboz0ga28t00wu%2BE%2F2e8BSZ%2B6I5OHXBRt3ZXBLbWp8GVEBtBJwfH0KhRM1MQRZpHqn7%2BpmqR169iSp2nVHun4tt4dpeK2REPbIJo4D2EBBmF1qV%2FwFBh0HzRuiBtMimZN8bBG87ldo7DwZdpu6LZw5vUYPNqIHlT4UIc6CDblcH8u64ZKSYOwwPkGSBI%2Fx001QUt2RwatbA8MZ6bjn5%2BoqG9V4cwy71IRNA10cSSl0%2BP64Jyzr4dqyCUA3C%2FAlhn7MT3j0Q5hXf8H%2FJ%2Fn%2BE1wcvLDL%2F081v6bvTFSpcFQin6Tg%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Fri, 20 Jan 2023 22:11:09 GMT
Content-Type: image/jpeg
Content-Length: 24539
Connection: keep-alive
Last-Modified: Fri, 27 Nov 2020 19:34:29 GMT
ETag: "5fc154c5-5fdb"
Accept-Ranges: bytes
bgaieic.naughtydatng.com/bundle/420/assets/img/507x530-4.jpg
178.162.199.80200 OK 29 kB URL HTTP/1.1 bgaieic.naughtydatng.com/bundle/420/assets/img/507x530-4.jpg
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 507x530, components 3\012- data
Hash a8da5684f5d677d1d0bbf2088facb736
679450fb9c059fd622eb75ba1a3d6790ce7a6f24
e1fddbcd5f1d3065845e3f71585e2dece4a0878dd806007b4360098c0a8f4bb8
GET /bundle/420/assets/img/507x530-4.jpg HTTP/1.1
Host: bgaieic.naughtydatng.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bgaieic.naughtydatng.com/s/6397420b14694?track=COKER&click_id=Q09LRVIsTk8sOTEuOTAuNDIuMTU0LFdFQixQRU1CVVJVRE9MTEFS
Cookie: s=V37ten9pqfJTBS5WArmuF0g9EykEezI25pN88zuBufZNfxFVgzeKeZ4nRBwvmjpp4E%2Bhbd9WASMIf7F6NCxzFyB%2BNvmnPpsr%2FRxQArYCZeNZHWiYXs86q9slpgzshpDtdtthW3BGqYWpaocnpOyeD%2Fm5t8c4cGRkDdm5KL1dCc7Hja1ziVZQd8l54%2BavkrfONDqzlRgQLVH91Wc5YaqpsF8oRDnCdEdnMgYTHNQOWjrtTUNnbVXsoiWX0Ti4S3MbEsNerYYnN5frqoz0f1gbk2NGbQm5jRZ2H72l7QGL5fLLijqg9kEvGti0JEsA121Evf%2Bo6jQt45dn9BOCKzN0TPx9VRWEz043yYlTG4eHAToA9ICCASZGifFWq5XkAb%2BtBY8zHV1Jox9bqh2Uo%2Fmtg2qB%2FqqQywXMgBxv5scrXOOQdaLAH4zQL4q0p%2FYrKTNmad%2FEk6ZrqeTgBCJc5AU00wCkUnM%2BRdRa4KukL42zM7lMT%2FPIh9fDokWHKq2J9JODxM%2FP8x1VoBcDKPv1DDce%2F48vPG3tUAi7hF2nhuEB75W4xzDt7t2O%2BtSnbWD8vnRtCOLKvAXJVx9Z5wZk0j13LKzerMR6pcJM7nfxLgEl%2BMwcjwNu6NlNUvl1WBjnBRgwuJ0nixqoPOSVHql1ytwK%2BvLISJjJ1gXTQhP2FtZ%2FIwyLOvBcPD9JsSAb4AKGnrSdmGOrwp7LMcQ20A3FSoZBj7YO83zNXfN8rj4CsP35QNOqJH%2FPDJQeXbBeE4Lx2uTmj0JnimhkEEvy%2F06oVYwyUo3Mqfd5qiuDTdg5MgbIHCab4l4HL2K8dgnzd146PwHTTHY%2Fsj3K7nloYoCavUaBWG9VC2W7%2BcJAM9IRg1T5dgCAlagAgsYvC2MYMYKTb3xHDHyuokKi9CEZ%2FxaRVD66YfF1CDXqmT6JYafSWCpDZqcZa6iQw37nIlOHj4fa3FvlD8CU5QMtTmn%2FNe5MmHib1fMs6i%2FcizNgCv1sFUUjJ%2BMJndMDgUueRPyidA0Tk49CSCJCCzSmrQSDQMPXC1KVE0IBM%2BST9KebaPxF6N0u6UPSrH9FOcpJXka4QKU1S3Ue9SfxtssyVIPghJ5WGLzzrFVxaebtoTB%2FwweI1RMWVFjrF6tkNEIStJjQiTB5l%2FcdAYe%2FuuYueuXX3DmBO0BCxoXP%2BgVEBRAyuMd%2B%2FZ6jB9JS2kzlpfpk3NeOjfNmPsXL7bmgfY6poU1o5lV1P7Zx4ezLHaUgM9xn9gNERYOElNgnS11l0QETp%2FOZZyKq1CRGEeuymUmPMafBqGTAJXYrcXqk4Y%2BtQN30KNIegZOyUZoqsMk7kmYIwQMTQntlOlKVW5eRZIQ4lOJIWB%2BDj8TDpboz0ga28t00wu%2BE%2F2e8BSZ%2B6I5OHXBRt3ZXBLbWp8GVEBtBJwfH0KhRM1MQRZpHqn7%2BpmqR169iSp2nVHun4tt4dpeK2REPbIJo4D2EBBmF1qV%2FwFBh0HzRuiBtMimZN8bBG87ldo7DwZdpu6LZw5vUYPNqIHlT4UIc6CDblcH8u64ZKSYOwwPkGSBI%2Fx001QUt2RwatbA8MZ6bjn5%2BoqG9V4cwy71IRNA10cSSl0%2BP64Jyzr4dqyCUA3C%2FAlhn7MT3j0Q5hXf8H%2FJ%2Fn%2BE1wcvLDL%2F081v6bvTFSpcFQin6Tg%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Fri, 20 Jan 2023 22:11:09 GMT
Content-Type: image/jpeg
Content-Length: 28660
Connection: keep-alive
Last-Modified: Fri, 27 Nov 2020 19:34:29 GMT
ETag: "5fc154c5-6ff4"
Accept-Ranges: bytes
bgaieic.naughtydatng.com/bundle/420/assets/img/507x530-1.jpg
178.162.199.80200 OK 26 kB URL HTTP/1.1 bgaieic.naughtydatng.com/bundle/420/assets/img/507x530-1.jpg
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 507x530, components 3\012- data
Hash 0e7b69e3a48e8465bcb337154bdc375c
be340ad157345ec71a02167a2912ee511c725e32
b27a7ce9383dde75554ee07ee1f51ea0bbf07abef3d28665a551a31c3e73e37d
GET /bundle/420/assets/img/507x530-1.jpg HTTP/1.1
Host: bgaieic.naughtydatng.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bgaieic.naughtydatng.com/s/6397420b14694?track=COKER&click_id=Q09LRVIsTk8sOTEuOTAuNDIuMTU0LFdFQixQRU1CVVJVRE9MTEFS
Cookie: s=V37ten9pqfJTBS5WArmuF0g9EykEezI25pN88zuBufZNfxFVgzeKeZ4nRBwvmjpp4E%2Bhbd9WASMIf7F6NCxzFyB%2BNvmnPpsr%2FRxQArYCZeNZHWiYXs86q9slpgzshpDtdtthW3BGqYWpaocnpOyeD%2Fm5t8c4cGRkDdm5KL1dCc7Hja1ziVZQd8l54%2BavkrfONDqzlRgQLVH91Wc5YaqpsF8oRDnCdEdnMgYTHNQOWjrtTUNnbVXsoiWX0Ti4S3MbEsNerYYnN5frqoz0f1gbk2NGbQm5jRZ2H72l7QGL5fLLijqg9kEvGti0JEsA121Evf%2Bo6jQt45dn9BOCKzN0TPx9VRWEz043yYlTG4eHAToA9ICCASZGifFWq5XkAb%2BtBY8zHV1Jox9bqh2Uo%2Fmtg2qB%2FqqQywXMgBxv5scrXOOQdaLAH4zQL4q0p%2FYrKTNmad%2FEk6ZrqeTgBCJc5AU00wCkUnM%2BRdRa4KukL42zM7lMT%2FPIh9fDokWHKq2J9JODxM%2FP8x1VoBcDKPv1DDce%2F48vPG3tUAi7hF2nhuEB75W4xzDt7t2O%2BtSnbWD8vnRtCOLKvAXJVx9Z5wZk0j13LKzerMR6pcJM7nfxLgEl%2BMwcjwNu6NlNUvl1WBjnBRgwuJ0nixqoPOSVHql1ytwK%2BvLISJjJ1gXTQhP2FtZ%2FIwyLOvBcPD9JsSAb4AKGnrSdmGOrwp7LMcQ20A3FSoZBj7YO83zNXfN8rj4CsP35QNOqJH%2FPDJQeXbBeE4Lx2uTmj0JnimhkEEvy%2F06oVYwyUo3Mqfd5qiuDTdg5MgbIHCab4l4HL2K8dgnzd146PwHTTHY%2Fsj3K7nloYoCavUaBWG9VC2W7%2BcJAM9IRg1T5dgCAlagAgsYvC2MYMYKTb3xHDHyuokKi9CEZ%2FxaRVD66YfF1CDXqmT6JYafSWCpDZqcZa6iQw37nIlOHj4fa3FvlD8CU5QMtTmn%2FNe5MmHib1fMs6i%2FcizNgCv1sFUUjJ%2BMJndMDgUueRPyidA0Tk49CSCJCCzSmrQSDQMPXC1KVE0IBM%2BST9KebaPxF6N0u6UPSrH9FOcpJXka4QKU1S3Ue9SfxtssyVIPghJ5WGLzzrFVxaebtoTB%2FwweI1RMWVFjrF6tkNEIStJjQiTB5l%2FcdAYe%2FuuYueuXX3DmBO0BCxoXP%2BgVEBRAyuMd%2B%2FZ6jB9JS2kzlpfpk3NeOjfNmPsXL7bmgfY6poU1o5lV1P7Zx4ezLHaUgM9xn9gNERYOElNgnS11l0QETp%2FOZZyKq1CRGEeuymUmPMafBqGTAJXYrcXqk4Y%2BtQN30KNIegZOyUZoqsMk7kmYIwQMTQntlOlKVW5eRZIQ4lOJIWB%2BDj8TDpboz0ga28t00wu%2BE%2F2e8BSZ%2B6I5OHXBRt3ZXBLbWp8GVEBtBJwfH0KhRM1MQRZpHqn7%2BpmqR169iSp2nVHun4tt4dpeK2REPbIJo4D2EBBmF1qV%2FwFBh0HzRuiBtMimZN8bBG87ldo7DwZdpu6LZw5vUYPNqIHlT4UIc6CDblcH8u64ZKSYOwwPkGSBI%2Fx001QUt2RwatbA8MZ6bjn5%2BoqG9V4cwy71IRNA10cSSl0%2BP64Jyzr4dqyCUA3C%2FAlhn7MT3j0Q5hXf8H%2FJ%2Fn%2BE1wcvLDL%2F081v6bvTFSpcFQin6Tg%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Fri, 20 Jan 2023 22:11:09 GMT
Content-Type: image/jpeg
Content-Length: 25736
Connection: keep-alive
Last-Modified: Fri, 27 Nov 2020 19:34:29 GMT
ETag: "5fc154c5-6488"
Accept-Ranges: bytes
bgaieic.naughtydatng.com/bundle/420/assets/img/507x530-2.jpg
178.162.199.80200 OK 25 kB URL HTTP/1.1 bgaieic.naughtydatng.com/bundle/420/assets/img/507x530-2.jpg
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 507x530, components 3\012- data
Hash 812a96ad266816ab16bf886f1c8d54f4
c8367ed98c2c86d791314c574669b5f2008ae360
b23a24aa1b51bf7847d73db4c764078f84918dd5c2df9467512428a64de394c1
GET /bundle/420/assets/img/507x530-2.jpg HTTP/1.1
Host: bgaieic.naughtydatng.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bgaieic.naughtydatng.com/s/6397420b14694?track=COKER&click_id=Q09LRVIsTk8sOTEuOTAuNDIuMTU0LFdFQixQRU1CVVJVRE9MTEFS
Cookie: s=V37ten9pqfJTBS5WArmuF0g9EykEezI25pN88zuBufZNfxFVgzeKeZ4nRBwvmjpp4E%2Bhbd9WASMIf7F6NCxzFyB%2BNvmnPpsr%2FRxQArYCZeNZHWiYXs86q9slpgzshpDtdtthW3BGqYWpaocnpOyeD%2Fm5t8c4cGRkDdm5KL1dCc7Hja1ziVZQd8l54%2BavkrfONDqzlRgQLVH91Wc5YaqpsF8oRDnCdEdnMgYTHNQOWjrtTUNnbVXsoiWX0Ti4S3MbEsNerYYnN5frqoz0f1gbk2NGbQm5jRZ2H72l7QGL5fLLijqg9kEvGti0JEsA121Evf%2Bo6jQt45dn9BOCKzN0TPx9VRWEz043yYlTG4eHAToA9ICCASZGifFWq5XkAb%2BtBY8zHV1Jox9bqh2Uo%2Fmtg2qB%2FqqQywXMgBxv5scrXOOQdaLAH4zQL4q0p%2FYrKTNmad%2FEk6ZrqeTgBCJc5AU00wCkUnM%2BRdRa4KukL42zM7lMT%2FPIh9fDokWHKq2J9JODxM%2FP8x1VoBcDKPv1DDce%2F48vPG3tUAi7hF2nhuEB75W4xzDt7t2O%2BtSnbWD8vnRtCOLKvAXJVx9Z5wZk0j13LKzerMR6pcJM7nfxLgEl%2BMwcjwNu6NlNUvl1WBjnBRgwuJ0nixqoPOSVHql1ytwK%2BvLISJjJ1gXTQhP2FtZ%2FIwyLOvBcPD9JsSAb4AKGnrSdmGOrwp7LMcQ20A3FSoZBj7YO83zNXfN8rj4CsP35QNOqJH%2FPDJQeXbBeE4Lx2uTmj0JnimhkEEvy%2F06oVYwyUo3Mqfd5qiuDTdg5MgbIHCab4l4HL2K8dgnzd146PwHTTHY%2Fsj3K7nloYoCavUaBWG9VC2W7%2BcJAM9IRg1T5dgCAlagAgsYvC2MYMYKTb3xHDHyuokKi9CEZ%2FxaRVD66YfF1CDXqmT6JYafSWCpDZqcZa6iQw37nIlOHj4fa3FvlD8CU5QMtTmn%2FNe5MmHib1fMs6i%2FcizNgCv1sFUUjJ%2BMJndMDgUueRPyidA0Tk49CSCJCCzSmrQSDQMPXC1KVE0IBM%2BST9KebaPxF6N0u6UPSrH9FOcpJXka4QKU1S3Ue9SfxtssyVIPghJ5WGLzzrFVxaebtoTB%2FwweI1RMWVFjrF6tkNEIStJjQiTB5l%2FcdAYe%2FuuYueuXX3DmBO0BCxoXP%2BgVEBRAyuMd%2B%2FZ6jB9JS2kzlpfpk3NeOjfNmPsXL7bmgfY6poU1o5lV1P7Zx4ezLHaUgM9xn9gNERYOElNgnS11l0QETp%2FOZZyKq1CRGEeuymUmPMafBqGTAJXYrcXqk4Y%2BtQN30KNIegZOyUZoqsMk7kmYIwQMTQntlOlKVW5eRZIQ4lOJIWB%2BDj8TDpboz0ga28t00wu%2BE%2F2e8BSZ%2B6I5OHXBRt3ZXBLbWp8GVEBtBJwfH0KhRM1MQRZpHqn7%2BpmqR169iSp2nVHun4tt4dpeK2REPbIJo4D2EBBmF1qV%2FwFBh0HzRuiBtMimZN8bBG87ldo7DwZdpu6LZw5vUYPNqIHlT4UIc6CDblcH8u64ZKSYOwwPkGSBI%2Fx001QUt2RwatbA8MZ6bjn5%2BoqG9V4cwy71IRNA10cSSl0%2BP64Jyzr4dqyCUA3C%2FAlhn7MT3j0Q5hXf8H%2FJ%2Fn%2BE1wcvLDL%2F081v6bvTFSpcFQin6Tg%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Fri, 20 Jan 2023 22:11:09 GMT
Content-Type: image/jpeg
Content-Length: 25338
Connection: keep-alive
Last-Modified: Fri, 27 Nov 2020 19:34:29 GMT
ETag: "5fc154c5-62fa"
Accept-Ranges: bytes
bgaieic.naughtydatng.com/bundle/420/assets/img/bottom_thumbs.jpg
178.162.199.80200 OK 91 kB URL HTTP/1.1 bgaieic.naughtydatng.com/bundle/420/assets/img/bottom_thumbs.jpg
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 992x165, components 3\012- data
Hash 0b46f3435a90cd0083d86d449c0ac01e
b93b4e17a366c6c93fddb5589fcb643e34f51f5a
c4f3f20346b43979c2ae66752abdbab7c30ee67cd7c5b76e227d182590f20049
GET /bundle/420/assets/img/bottom_thumbs.jpg HTTP/1.1
Host: bgaieic.naughtydatng.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bgaieic.naughtydatng.com/s/6397420b14694?track=COKER&click_id=Q09LRVIsTk8sOTEuOTAuNDIuMTU0LFdFQixQRU1CVVJVRE9MTEFS
Cookie: s=V37ten9pqfJTBS5WArmuF0g9EykEezI25pN88zuBufZNfxFVgzeKeZ4nRBwvmjpp4E%2Bhbd9WASMIf7F6NCxzFyB%2BNvmnPpsr%2FRxQArYCZeNZHWiYXs86q9slpgzshpDtdtthW3BGqYWpaocnpOyeD%2Fm5t8c4cGRkDdm5KL1dCc7Hja1ziVZQd8l54%2BavkrfONDqzlRgQLVH91Wc5YaqpsF8oRDnCdEdnMgYTHNQOWjrtTUNnbVXsoiWX0Ti4S3MbEsNerYYnN5frqoz0f1gbk2NGbQm5jRZ2H72l7QGL5fLLijqg9kEvGti0JEsA121Evf%2Bo6jQt45dn9BOCKzN0TPx9VRWEz043yYlTG4eHAToA9ICCASZGifFWq5XkAb%2BtBY8zHV1Jox9bqh2Uo%2Fmtg2qB%2FqqQywXMgBxv5scrXOOQdaLAH4zQL4q0p%2FYrKTNmad%2FEk6ZrqeTgBCJc5AU00wCkUnM%2BRdRa4KukL42zM7lMT%2FPIh9fDokWHKq2J9JODxM%2FP8x1VoBcDKPv1DDce%2F48vPG3tUAi7hF2nhuEB75W4xzDt7t2O%2BtSnbWD8vnRtCOLKvAXJVx9Z5wZk0j13LKzerMR6pcJM7nfxLgEl%2BMwcjwNu6NlNUvl1WBjnBRgwuJ0nixqoPOSVHql1ytwK%2BvLISJjJ1gXTQhP2FtZ%2FIwyLOvBcPD9JsSAb4AKGnrSdmGOrwp7LMcQ20A3FSoZBj7YO83zNXfN8rj4CsP35QNOqJH%2FPDJQeXbBeE4Lx2uTmj0JnimhkEEvy%2F06oVYwyUo3Mqfd5qiuDTdg5MgbIHCab4l4HL2K8dgnzd146PwHTTHY%2Fsj3K7nloYoCavUaBWG9VC2W7%2BcJAM9IRg1T5dgCAlagAgsYvC2MYMYKTb3xHDHyuokKi9CEZ%2FxaRVD66YfF1CDXqmT6JYafSWCpDZqcZa6iQw37nIlOHj4fa3FvlD8CU5QMtTmn%2FNe5MmHib1fMs6i%2FcizNgCv1sFUUjJ%2BMJndMDgUueRPyidA0Tk49CSCJCCzSmrQSDQMPXC1KVE0IBM%2BST9KebaPxF6N0u6UPSrH9FOcpJXka4QKU1S3Ue9SfxtssyVIPghJ5WGLzzrFVxaebtoTB%2FwweI1RMWVFjrF6tkNEIStJjQiTB5l%2FcdAYe%2FuuYueuXX3DmBO0BCxoXP%2BgVEBRAyuMd%2B%2FZ6jB9JS2kzlpfpk3NeOjfNmPsXL7bmgfY6poU1o5lV1P7Zx4ezLHaUgM9xn9gNERYOElNgnS11l0QETp%2FOZZyKq1CRGEeuymUmPMafBqGTAJXYrcXqk4Y%2BtQN30KNIegZOyUZoqsMk7kmYIwQMTQntlOlKVW5eRZIQ4lOJIWB%2BDj8TDpboz0ga28t00wu%2BE%2F2e8BSZ%2B6I5OHXBRt3ZXBLbWp8GVEBtBJwfH0KhRM1MQRZpHqn7%2BpmqR169iSp2nVHun4tt4dpeK2REPbIJo4D2EBBmF1qV%2FwFBh0HzRuiBtMimZN8bBG87ldo7DwZdpu6LZw5vUYPNqIHlT4UIc6CDblcH8u64ZKSYOwwPkGSBI%2Fx001QUt2RwatbA8MZ6bjn5%2BoqG9V4cwy71IRNA10cSSl0%2BP64Jyzr4dqyCUA3C%2FAlhn7MT3j0Q5hXf8H%2FJ%2Fn%2BE1wcvLDL%2F081v6bvTFSpcFQin6Tg%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Fri, 20 Jan 2023 22:11:09 GMT
Content-Type: image/jpeg
Content-Length: 90823
Connection: keep-alive
Last-Modified: Fri, 27 Nov 2020 19:34:29 GMT
ETag: "5fc154c5-162c7"
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash e6d21eff1927f7a74984663b16cfe21a
b747f7d42cdf7cfea6900348cd257066b2634222
a4343acb5bda29aa0d6d64bbefd6bc07a1c5e0166646171be74f4a1d266e3c92
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 22:11:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgshZ1x4gaVI.woff2
142.250.74.35200 OK 17 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgshZ1x4gaVI.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 16696, version 1.0\012- data
Hash 851255bc75bbde5522202bc66bca47ad
aa7ef04a80507e95574269c293361d9c89d76dc1
e7cba74abd33c24cef9652915738c63c891c517e3f407d0894f11a7aec9c015e
GET /s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgshZ1x4gaVI.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bgaieic.naughtydatng.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16696
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 20 Jan 2023 01:51:00 GMT
expires: Sat, 20 Jan 2024 01:51:00 GMT
cache-control: public, max-age=31536000
age: 73210
last-modified: Mon, 15 Aug 2022 18:16:22 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
bgaieic.naughtydatng.com/js/fp2.min.js
178.162.199.80200 OK 31 kB URL HTTP/1.1 bgaieic.naughtydatng.com/js/fp2.min.js
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type ASCII text, with very long lines (30507)
Hash e7d6b85edb141824af8951e19333337c
76600b2cb1978ca24d9fe39b1412f052da855ddb
6e1bf43d1d49858aacd5de53b32b551732bca4b2a46b1f808eb6d6d0f2b70c0e
Analyzer Verdict Alert fortinet Phishing
GET /js/fp2.min.js HTTP/1.1
Host: bgaieic.naughtydatng.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bgaieic.naughtydatng.com/s/6397420b14694
Cookie: s=V37ten9pqfJTBS5WArmuF0g9EykEezI25pN88zuBufZNfxFVgzeKeZ4nRBwvmjpp4E%2Bhbd9WASMIf7F6NCxzFyB%2BNvmnPpsr%2FRxQArYCZeNZHWiYXs86q9slpgzshpDtdtthW3BGqYWpaocnpOyeD%2Fm5t8c4cGRkDdm5KL1dCc7Hja1ziVZQd8l54%2BavkrfONDqzlRgQLVH91Wc5YaqpsF8oRDnCdEdnMgYTHNQOWjrtTUNnbVXsoiWX0Ti4S3MbEsNerYYnN5frqoz0f1gbk2NGbQm5jRZ2H72l7QGL5fLLijqg9kEvGti0JEsA121Evf%2Bo6jQt45dn9BOCKzN0TPx9VRWEz043yYlTG4eHAToA9ICCASZGifFWq5XkAb%2BtBY8zHV1Jox9bqh2Uo%2Fmtg2qB%2FqqQywXMgBxv5scrXOOQdaLAH4zQL4q0p%2FYrKTNmad%2FEk6ZrqeTgBCJc5AU00wCkUnM%2BRdRa4KukL42zM7lMT%2FPIh9fDokWHKq2J9JODxM%2FP8x1VoBcDKPv1DDce%2F48vPG3tUAi7hF2nhuEB75W4xzDt7t2O%2BtSnbWD8vnRtCOLKvAXJVx9Z5wZk0j13LKzerMR6pcJM7nfxLgEl%2BMwcjwNu6NlNUvl1WBjnBRgwuJ0nixqoPOSVHql1ytwK%2BvLISJjJ1gXTQhP2FtZ%2FIwyLOvBcPD9JsSAb4AKGnrSdmGOrwp7LMcQ20A3FSoZBj7YO83zNXfN8rj4CsP35QNOqJH%2FPDJQeXbBeE4Lx2uTmj0JnimhkEEvy%2F06oVYwyUo3Mqfd5qiuDTdg5MgbIHCab4l4HL2K8dgnzd146PwHTTHY%2Fsj3K7nloYoCavUaBWG9VC2W7%2BcJAM9IRg1T5dgCAlagAgsYvC2MYMYKTb3xHDHyuokKi9CEZ%2FxaRVD66YfF1CDXqmT6JYafSWCpDZqcZa6iQw37nIlOHj4fa3FvlD8CU5QMtTmn%2FNe5MmHib1fMs6i%2FcizNgCv1sFUUjJ%2BMJndMDgUueRPyidA0Tk49CSCJCCzSmrQSDQMPXC1KVE0IBM%2BST9KebaPxF6N0u6UPSrH9FOcpJXka4QKU1S3Ue9SfxtssyVIPghJ5WGLzzrFVxaebtoTB%2FwweI1RMWVFjrF6tkNEIStJjQiTB5l%2FcdAYe%2FuuYueuXX3DmBO0BCxoXP%2BgVEBRAyuMd%2B%2FZ6jB9JS2kzlpfpk3NeOjfNmPsXL7bmgfY6poU1o5lV1P7Zx4ezLHaUgM9xn9gNERYOElNgnS11l0QETp%2FOZZyKq1CRGEeuymUmPMafBqGTAJXYrcXqk4Y%2BtQN30KNIegZOyUZoqsMk7kmYIwQMTQntlOlKVW5eRZIQ4lOJIWB%2BDj8TDpboz0ga28t00wu%2BE%2F2e8BSZ%2B6I5OHXBRt3ZXBLbWp8GVEBtBJwfH0KhRM1MQRZpHqn7%2BpmqR169iSp2nVHun4tt4dpeK2REPbIJo4D2EBBmF1qV%2FwFBh0HzRuiBtMimZN8bBG87ldo7DwZdpu6LZw5vUYPNqIHlT4UIc6CDblcH8u64ZKSYOwwPkGSBI%2Fx001QUt2RwatbA8MZ6bjn5%2BoqG9V4cwy71IRNA10cSSl0%2BP64Jyzr4dqyCUA3C%2FAlhn7MT3j0Q5hXf8H%2FJ%2Fn%2BE1wcvLDL%2F081v6bvTFSpcFQin6Tg%3D%3D; CF=Lun+sQXYPaox91lPAgjElg__
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Fri, 20 Jan 2023 22:11:10 GMT
Content-Type: application/javascript
Content-Length: 30685
Connection: keep-alive
Last-Modified: Thu, 19 Jan 2023 12:26:11 GMT
Vary: Accept-Encoding
ETag: "63c936e3-77dd"
Accept-Ranges: bytes
bgaieic.naughtydatng.com/bundle/420/assets/img/favicon.png
178.162.199.80200 OK 6.2 kB URL HTTP/1.1 bgaieic.naughtydatng.com/bundle/420/assets/img/favicon.png
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Hash 024b79c399646cd754c99e8d4b0a5e87
e42de65ba384b1db6bfcc56bcedbb2b80df229e4
014a887229b9cd82de1090f8f53a6860c00a468269f31e1f5f15dd88cc5c3284
GET /bundle/420/assets/img/favicon.png HTTP/1.1
Host: bgaieic.naughtydatng.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bgaieic.naughtydatng.com/s/6397420b14694?track=COKER&click_id=Q09LRVIsTk8sOTEuOTAuNDIuMTU0LFdFQixQRU1CVVJVRE9MTEFS
Cookie: s=V37ten9pqfJTBS5WArmuF0g9EykEezI25pN88zuBufZNfxFVgzeKeZ4nRBwvmjpp4E%2Bhbd9WASMIf7F6NCxzFyB%2BNvmnPpsr%2FRxQArYCZeNZHWiYXs86q9slpgzshpDtdtthW3BGqYWpaocnpOyeD%2Fm5t8c4cGRkDdm5KL1dCc7Hja1ziVZQd8l54%2BavkrfONDqzlRgQLVH91Wc5YaqpsF8oRDnCdEdnMgYTHNQOWjrtTUNnbVXsoiWX0Ti4S3MbEsNerYYnN5frqoz0f1gbk2NGbQm5jRZ2H72l7QGL5fLLijqg9kEvGti0JEsA121Evf%2Bo6jQt45dn9BOCKzN0TPx9VRWEz043yYlTG4eHAToA9ICCASZGifFWq5XkAb%2BtBY8zHV1Jox9bqh2Uo%2Fmtg2qB%2FqqQywXMgBxv5scrXOOQdaLAH4zQL4q0p%2FYrKTNmad%2FEk6ZrqeTgBCJc5AU00wCkUnM%2BRdRa4KukL42zM7lMT%2FPIh9fDokWHKq2J9JODxM%2FP8x1VoBcDKPv1DDce%2F48vPG3tUAi7hF2nhuEB75W4xzDt7t2O%2BtSnbWD8vnRtCOLKvAXJVx9Z5wZk0j13LKzerMR6pcJM7nfxLgEl%2BMwcjwNu6NlNUvl1WBjnBRgwuJ0nixqoPOSVHql1ytwK%2BvLISJjJ1gXTQhP2FtZ%2FIwyLOvBcPD9JsSAb4AKGnrSdmGOrwp7LMcQ20A3FSoZBj7YO83zNXfN8rj4CsP35QNOqJH%2FPDJQeXbBeE4Lx2uTmj0JnimhkEEvy%2F06oVYwyUo3Mqfd5qiuDTdg5MgbIHCab4l4HL2K8dgnzd146PwHTTHY%2Fsj3K7nloYoCavUaBWG9VC2W7%2BcJAM9IRg1T5dgCAlagAgsYvC2MYMYKTb3xHDHyuokKi9CEZ%2FxaRVD66YfF1CDXqmT6JYafSWCpDZqcZa6iQw37nIlOHj4fa3FvlD8CU5QMtTmn%2FNe5MmHib1fMs6i%2FcizNgCv1sFUUjJ%2BMJndMDgUueRPyidA0Tk49CSCJCCzSmrQSDQMPXC1KVE0IBM%2BST9KebaPxF6N0u6UPSrH9FOcpJXka4QKU1S3Ue9SfxtssyVIPghJ5WGLzzrFVxaebtoTB%2FwweI1RMWVFjrF6tkNEIStJjQiTB5l%2FcdAYe%2FuuYueuXX3DmBO0BCxoXP%2BgVEBRAyuMd%2B%2FZ6jB9JS2kzlpfpk3NeOjfNmPsXL7bmgfY6poU1o5lV1P7Zx4ezLHaUgM9xn9gNERYOElNgnS11l0QETp%2FOZZyKq1CRGEeuymUmPMafBqGTAJXYrcXqk4Y%2BtQN30KNIegZOyUZoqsMk7kmYIwQMTQntlOlKVW5eRZIQ4lOJIWB%2BDj8TDpboz0ga28t00wu%2BE%2F2e8BSZ%2B6I5OHXBRt3ZXBLbWp8GVEBtBJwfH0KhRM1MQRZpHqn7%2BpmqR169iSp2nVHun4tt4dpeK2REPbIJo4D2EBBmF1qV%2FwFBh0HzRuiBtMimZN8bBG87ldo7DwZdpu6LZw5vUYPNqIHlT4UIc6CDblcH8u64ZKSYOwwPkGSBI%2Fx001QUt2RwatbA8MZ6bjn5%2BoqG9V4cwy71IRNA10cSSl0%2BP64Jyzr4dqyCUA3C%2FAlhn7MT3j0Q5hXf8H%2FJ%2Fn%2BE1wcvLDL%2F081v6bvTFSpcFQin6Tg%3D%3D; CF=Lun+sQXYPaox91lPAgjElg__
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Fri, 20 Jan 2023 22:11:10 GMT
Content-Type: image/png
Content-Length: 6152
Connection: keep-alive
Last-Modified: Fri, 27 Nov 2020 19:34:29 GMT
ETag: "5fc154c5-1808"
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash e6d21eff1927f7a74984663b16cfe21a
b747f7d42cdf7cfea6900348cd257066b2634222
a4343acb5bda29aa0d6d64bbefd6bc07a1c5e0166646171be74f4a1d266e3c92
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 22:11:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
is.gd/OIWvr5?TRFE
104.25.233.53301 Moved Permanently 0 B IP 104.25.233.53:0
GET /OIWvr5?TRFE HTTP/1.1
Host: is.gd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 301 Moved Permanently
date: Fri, 20 Jan 2023 22:11:06 GMT
content-type: text/html; charset=UTF-8
location: https://qndvh.app.link/wQq1huWgEwb
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 78cb24dc7b7db4f1-OSL
X-Firefox-Spdy: h2
qndvh.app.link/wQq1huWgEwb
54.230.111.16307 Temporary Redirect 0 B URL HTTP/2 qndvh.app.link/wQq1huWgEwb
IP 54.230.111.16:0
GET /wQq1huWgEwb HTTP/1.1
Host: qndvh.app.link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: _s=%2F31SILt7P19jZ7KS8kYPQ1uvv6lIK49jS2sQqA846IjvTr%2Fva2wjaW9hs%2FuemTYW
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 307 Temporary Redirect
location: http://daniella.drvirmemn.site/ZWNhN3gsUEVNQlVSVURPTExBUi1DT0tFUiwxNjczOTE1MDE1LCxUUkFGRUUsMA?_branch_match_id=1062369509546216292&utm_source=facebook&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXL8xLKcvQSywo0MvJzMvWLw8sNMwoDU93LU8CALiL1nsiAAAA
server: openresty
date: Fri, 20 Jan 2023 22:11:06 GMT
set-cookie: _s=%2F31SILt7P19jZ7KS8kYPQ1uvv6lIK49jS2sQqA846IjvTr%2Fva2wjaW9hs%2FuemTYW; Max-Age=31536000; Domain=.app.link; Path=/; Expires=Sat, 20 Jan 2024 22:11:06 GMT; Secure
last-modified: Fri, 20 Jan 2023 22:11:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-cache: Miss from cloudfront
via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: AbwdlHAA6dWSG-s0YfsNwL5WUvTFd5063Vn1MmM77Uk3Y8O1HKX_Mw==
X-Firefox-Spdy: h2